REMARKS

I. ADVISORY ACTION ERROR 

Applicant notes that the Advisory Action was sent two months and two days after the 
third month following the Final Office Action. Applicant had responded to the Final Office 
Action within the two month period. The Advisory Action incorrectly stated that the period for 
reply expires 3 months from the mailing date of the final rejection. Applicant respectfully 
requests that the Advisory Action be corrected and that the Applicant is not charged for the 
three month extension, but rather a one month extension. 

II. STATUS OF CLAIMS 

Claims 1-2, 5-14, 17-26, and 29-36 are pending in the Application. Claims 3, 4, 15, 16, 
27, and 28 have been canceled. 

III. REJECTION BASED ON 35 U.S.C. §102(e) 

The Office Action has rejected Claims 1-36 under 35 U.S.C. 102(e) as being 
anticipated by McManis (U.S. Pat. No. 5,757,914). The rejection is respectfully traversed. 

Claims 1, 13, and 25 have been amended to clarify the invention. Claims 1, 13, and 25
now incorporate the elements of Claims 3, 4, and 15, 16, and 27, 28, respectively. No new
matter has been added. Claims 1, 13, and 25 appear as follows:

1. A method of securely invoking an access control function, the method
comprising the steps of:

receiving a digital signature for the access control function;

generating a mapping of the access control function to the digital signature;

determining that the digital signature is mapped to the access control function
based on the mapping when execution of the access control function is
requested;

generating a plurality of records mapping access control events to access control
functions;

detecting that an access control event related to controlling access to
information resources on a computer system has occurred;

determining that the access control event is mapped to the access control
function;

retrieving an executable element if the access control event is mapped to the
access control function;

generating a digital signature for the retrieved executable element;

determining whether the retrieved executable element matches the access
control function by comparing the digital signature of the retrieved
executable element and the digital signature for the access control
function; and

executing the retrieved executable element only when the retrieved executable
element matches the access control function.

13. A computer-readable medium carrying one or more sequences of one or more
instructions for securely invoking an access control function, the one or more
sequences of one or more instructions including instructions which, when
executed by one or more processors, cause the one or more processors to
perform the steps of:

receiving a digital signature for the access control function;

generating a mapping between a plurality of access control events and a
plurality of access control functions;

determining that the digital signature is mapped to the access control function
based on the mapping when execution of the access control function is
requested;

generating a plurality of records mapping access control events to access control
functions;

detecting that an access control event related to controlling access to
information resources on a computer system has occurred;

determining that the access control event is mapped to the access control
function;

retrieving an executable element if the access control event is mapped to the
access control function;

generating a digital signature for the retrieved executable element;

determining whether the retrieved executable element matches the access
control function by comparing the digital signature of the retrieved
executable element and the digital signature for the access control
function; and

executing the retrieved executable element only when the retrieved executable
element matches the access control function.

25. An access control system, comprising:

a processor;

a memory coupled to the processor;

a first mapping that maps each of a set of access control functions to a digital
signature of that access control function;

the processor configured to retrieve an executable element in response to a
request to execute a first access control function;

the processor configured to generate a plurality of records mapping access
control events to access control functions;

the processor configured to detect that an access control event related to
controlling access to information resources on a computer system has
occurred;

the processor configured to determine that the access control event is mapped to
the access control function;

the processor configured to retrieve an executable element if the access control
event is mapped to the access control function;

the processor configured to generate a digital signature for the retrieved
executable element;

the processor configured to determine whether the retrieved executable element
matches the first access control function by comparing the digital
signature of the retrieved executable element and the digital signature
for the first access control function; and

the processor configured to execute the retrieved executable element when the
retrieved executable element matches the first access control function.

Since Claim 1 has incorporated the elements of Claims 3 and 4, the Office Action
rejections of those claim elements will be addressed. In particular, McManis does not teach or 
disclose a system that generates a plurality of records mapping access control events to access 
control functions and detecting that an access control event related to controlling access to 
information resources on a computer system has occurred as claimed in Claims 1, 13, and 25. 
There is no disclosure of access control events in McManis, nor does McManis disclose 
generating a plurality of records mapping access control events related to controlling access to 
information resources on a computer system to access control functions. McManis teaches a 
program module verifier that verifies program modules and has no relationship to controlling 
access to information resources on a computer system. Therefore McManis does not
contemplate such a system. 

The Office Action generally refers to McManis with respect to Claim 4, but does not 
detail the rejection with particularity. 

The Office Action does not address the element of Claim 4 that determines that the 
access control event is mapped to the access control function. McManis does not disclose 
generating a plurality of records mapping access control events to access control functions. 
Therefore, McManis does not disclose or contemplate determining that an access control event 
is mapped to an access control function because no such mechanism could be taught by 
McManis when the generation of a plurality of records mapping access control events to access 
control functions is not contemplated in McManis. 

Additionally, with respect to Claim 3, the Office Action states that "McManis discloses 
wherein the method further includes the step of detecting that an access control event has 
occurred ... (see col. 3, lines 59-67, col. 4, lines 1-15)". However, there is no mention of 
detecting that an access control event related to controlling access to information resources on
a computer system has occurred in McManis. McManis teaches that a procedure can be 
verified for authenticity and then executed. This has no relationship to detecting that an access 
control event related to controlling access to information resources on a computer system has 
occurred. Col. 3, line 59-col. 4, line 15 states:

"Referring to FIGS. 2 and 3, an executable procedure (e.g., the "main 
application A procedure" 128-A in FIG. 1) in program module A begins execution (step 
200). For the purposes of this discussion, the procedure in program module A that is 
being executed will be called "procedure A" and the procedure that it is attempting to 
call in program module B will be called "procedure B". 

Prior to making a procedure call to an executable procedure in program module 
B (step 220), procedure A makes a procedure call to the verifier to request verification 
of the authenticity of program module B (step 202). The verifier then attempts to verify 
the authenticity of program module B and sends a return value to procedure A to 
indicate whether or not the verification of program module B was successful (step 204). 

More specifically, the verifier, which is preferably a distinct trusted object (or 
alternately a trusted system service procedure) receives the request message from 
procedure A (step 206), and decodes (step 208) a digital signature embedded in 
program module B using a public key provided by the calling procedure (i.e., procedure 
A). The public key provided by calling procedure A to the verifier is the "group" public 
key 126- A embedded in program module A." 

McManis clearly does not teach or disclose detecting that an access control event 
related to controlling access to information resources on a computer system. McManis does 
not address access control events related to controlling access to information resources on a 
computer system, nor does he disclose the detection of such events. Therefore, McManis does
not contemplate such a feature. 

The Office Action further states that "McManis discloses . . . and wherein the step of 
retrieving the executable element is performed in response to detecting that the event has 
occurred (see col. 3, lines 59-67, col. 4, lines 1-15)". However, as noted above, McManis does 
not contemplate detecting that an access control event related to controlling access to 
information resources on a computer system has occurred. Without such detection, McManis 
could not teach or disclose what the Office Action states. There is no relationship between 
McManis' teaching that a procedure can be executed and Claim 1's element of retrieving an
executable element if the access control event is mapped to the access control function. 

McManis therefore does not teach every aspect of the claimed invention. 

In a proper rejection under § 102(e) the cited reference must show each and every 
claimed feature in the same combination as arranged in the claim. See Lewmar Marine, Inc. v. 
Barient, Inc. , 827 F.2d 744, 747-48, 3 USPQ2d 1766, 1768 (Fed. Cir. 1987). If even a single 
element or limitation is missing from the reference, anticipation is not found. Connell v. Sears, 
Roebuck & Co. , 722 F.2d 1542, 1548, 220 USPQ 193, 198 (Fed. Cir. 1983). 

Claims 1, 13, and 25 are therefore allowable. Claims 2, 5-12 and 14, 17-24 and 26, 29- 
36 are dependent upon Claims 1, 13, and 25, respectively, and are allowable. Applicant 
respectfully requests that the Examiner withdraw the rejection under 35 U.S.C. 102(e). 

III. CONCLUSIONS & MISCELLANEOUS 

Applicant respectfully requests that a timely Notice of Allowance be issued in this case. 
The Applicants believe that all issues raised in the Office Action have been addressed
and that allowance of the pending claims is appropriate. Entry of the amendments herein and 
further examination on the merits are respectfully requested. 

The Examiner is invited to telephone the undersigned at (408) 414-1214 to discuss any 
issue that may advance prosecution. 

No fee is believed to be due specifically in connection with this Reply. To the extent 
necessary, Applicants petition for an extension of time under 37 C.F.R. § 1.136. The 
Commissioner is authorized to charge any fee that may be due in connection with this Reply to 
our Deposit Account No. 50-1302. 

Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: November 4, 2005 




Reg. No. 43,284 

2055 Gateway Place, Suite 550 
San Jose, California 95110-1089
Telephone No.: (408) 414-1080 ext. 214 
Facsimile No.: (408) 414-1076 



CERTIFICATE OF MAILING 

I hereby certify that this correspondence is being deposited with the United States Postal 
Service as first class mail in an envelope addressed to: Mail Stop RCE, Commissioner for 
Patents, P.O. Box 1450, Alexandria, VA 

November 4, 2005

Statement Regarding Errors in Advisory Action



Applicant notes that the Advisory Action was sent two months and two days after 
the third month following the Final Office Action. Applicant had responded to the Final 
Office Action within the two month period. The Advisory Action incorrectly stated that 
the period for reply expires 3 months from the mailing date of the final rejection. 

Applicant respectfully requests that the Advisory Action be corrected and that the 
Applicant is not charged for the three month extension, but rather a one month 
extension. 

Applicant has attached a copy of the Advisory Action. 

THE REPLY FILED 07 July 2005 FAILS TO PLACE THIS APPLICATION IN CONDITION FOR ALLOWANCE.

1. □ The reply was filed after a final rejection, but prior to or on the same day as filing a Notice of Appeal. To avoid abandonment of
this application, applicant must timely file one of the following replies: (1) an amendment, affidavit, or other evidence, which
places the application in condition for allowance; (2) a Notice of Appeal (with appeal fee) in compliance with 37 CFR 41.31; or
(3) a Request for Continued Examination (RCE) in compliance with 37 CFR 1.114. The reply must be filed within one of the
following time periods:

a) [3 The period for reply expires 3 months from the mailing date of the final rejection.

b) CZI The period for reply expires on: (1) the mailing date of this Advisory Action, or (2) the date set forth in the final rejection, whichever is later. In no
event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of the final rejection.

Examiner Note: If box 1 is checked, check either box (a) or (b). ONLY CHECK BOX (b) WHEN THE FIRST REPLY WAS FILED WITHIN TWO
MONTHS OF THE FINAL REJECTION. See MPEP 706.07(f).

Extensions of time may be obtained under 37 CFR 1.136(a). The date on which the petition under 37 CFR 1.136(a) and the appropriate extension fee have
been filed is the date for purposes of determining the period of extension and the corresponding amount of the fee. The appropriate extension fee under 37
CFR 1.17(a) is calculated from: (1) the expiration date of the shortened statutory period for reply originally set in the final Office action; or (2) as set forth in (b)
above, if checked. Any reply received by the Office later than three months after the mailing date of the final rejection, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

NOTICE OF APPEAL

2. D The Notice of Appeal was filed on . A brief in compliance with 37 CFR 41.37 must be filed within two months of the date
of filing the Notice of Appeal (37 CFR 41.37(a)), or any extension thereof (37 CFR 41.37(e)), to avoid dismissal of the appeal.
Since a Notice of Appeal has been filed, any reply must be filed within the time period set forth in 37 CFR 41.37(a).

AMENDMENTS

3. O The proposed amendment(s) filed after a final rejection, but prior to the date of filing a brief, will not be entered because

(a) IZI They raise new issues that would require further consideration and/or search (see NOTE below);

(b) EH They raise the issue of new matter (see NOTE below);

(c) [ZI They are not deemed to place the application in better form for appeal by materially reducing or simplifying the issues for
appeal; and/or

(d) E] They present additional claims without canceling a corresponding number of finally rejected claims.

NOTE: . (See 37 CFR 1.116 and 41.33(a)).

4. O The amendments are not in compliance with 37 CFR 1.121. See attached Notice of Non-Compliant Amendment (PTOL-324).

5. O Applicant's reply has overcome the following rejection(s): .

6. □ Newly proposed or amended claim(s) would be allowable if submitted in a separate, timely filed amendment canceling
the non-allowable claim(s).

7. [3 For purposes of appeal, the proposed amendment(s): a) will not be entered, or b) □ will be entered and an explanation of
how the new or amended claims would be rejected is provided below or appended.

The status of the claim(s) is (or will be) as follows:

Claim(s) allowed: .

Claim(s) objected to: .

Claim(s) rejected: 1, 2, 5-14, 17-26 and 29-36.

Claim(s) withdrawn from consideration: .

AFFIDAVIT OR OTHER EVIDENCE

8. □ The affidavit or other evidence filed after a final action, but before or on the date of filing a Notice of Appeal will not be entered
because applicant failed to provide a showing of good and sufficient reasons why the affidavit or other evidence is necessary
and was not earlier presented. See 37 CFR 1.116(e).

9. □ The affidavit or other evidence filed after the date of filing a Notice of Appeal, but prior to the date of filing a brief, will not be
entered because the affidavit or other evidence failed to overcome all rejections under appeal and/or appellant fails to provide a
showing of good and sufficient reasons why it is necessary and was not earlier presented. See 37 CFR 41.33(d)(1).

10. □ The affidavit or other evidence is entered. An explanation of the status of the claims after entry is below or attached.

REQUEST FOR RECONSIDERATION/OTHER

11. The request for reconsideration has been considered but does NOT place the application in condition for allowance because:
See Continuation Sheet.

12. □ Note the attached Information Disclosure Statement(s). (PTO/SB/08 or PTO-1449) Paper No(s).

13. □ Other: .

Continuation of 11. does NOT place the application in condition for allowance because: the Applicant's remarks do not overcome the
rejection. The Applicant argues in regards that McManis does not disclose a mapping between access control events to access control
functions. The Examiner disagrees with the Applicant. Each application program object instance includes a digital signature, and a main
procedure which includes a verifier procedure call (see col. 3, lines 8-17 of McManis). that McManis does not disclose access control
events. McManis does disclose detecting that an access control event has occurred, because McManis discloses that the verifier
attempts to verify the authenticity of program module B and sends a return value A to indicate whether or not the verification of program
module B was successful. The Examiner states that this is an access control event. If the Examiner wishes to claim a more specific
definition of an access control event then the Applicant is urged to do so.